last executing test programs:

1.72264995s ago: executing program 0 (id=13):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310300000060000020000800000008000300", @ANYRES32=r2, @ANYBLOB="0800060023"], 0x24}}, 0x0)

1.722234285s ago: executing program 0 (id=14):
socket$unix(0x1, 0x5, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0xffffffa8, &(0x7f0000000280)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b904021d080211000000040000a118000200e01d000e00000e1208000f0100810401a80016ea1f000840032e5f54c92011148ed08734843c8802033d0803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x48000)
r1 = socket$kcm(0x2, 0xa, 0x2)
write$nci(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="500401f7c038e1"], 0x7)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004200000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000106"], 0xffe)

1.00165041s ago: executing program 0 (id=24):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x4d6, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x20, 0x0, @in={0x2, 0x4e1d, @loopback}}]}, 0x50}, 0x1, 0x2000000000000000}, 0x0)

1.00085133s ago: executing program 0 (id=26):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xe}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x101}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

930.456796ms ago: executing program 0 (id=27):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610414000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b50000003ba9e86e412000000000000001000000009ebf2af397480716b3ddb9797da040e60dddc747272ff56959613d29425c6cfcfa40776af5c4f87fcd8001edfa3b19210ffc83d485726af57b726e557edc4bc003fe43825a00003d82d55ddcad6e"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)

930.124133ms ago: executing program 2 (id=28):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='>\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fbdbdf250f00000005002f000114000005002a0001000000050029000100000008000300", @ANYRES32=r0], 0x54}, 0x1, 0x0, 0x0, 0x24004040}, 0x24008824)

929.784575ms ago: executing program 0 (id=29):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x60040, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffe0}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffff5, 0x6, 0x7, 0x3}}]}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

921.631637ms ago: executing program 2 (id=30):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="0815000000051104000000000000000001000005540201"], 0x1508}, 0x1, 0x28}, 0x0)

829.434995ms ago: executing program 2 (id=31):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x38, 0x1, 0x1, 0x301, 0x0, 0x0, {0xa}, [@CTA_LABELS_MASK={0xc, 0x17, [0xfffffff9, 0x10001]}, @CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x6c010101}, {0x8, 0x2, @loopback}}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x8800) (async)
accept(r0, &(0x7f0000000040)=@isdn, &(0x7f00000000c0)=0x80)

829.06157ms ago: executing program 2 (id=32):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.empty_time\x00', 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
r2 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r2, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
connect$inet6(r2, &(0x7f00000003c0)={0xa, 0x4e22, 0xf, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000700)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000001c0)={r4, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000000)={r4, 0x9}, 0x8)
socket$rxrpc(0x21, 0x2, 0x2)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0xffffffffffffff3e)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="180800f5d1e17b29248100000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080))

772.689838ms ago: executing program 2 (id=33):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, &(0x7f0000000000)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000080)=0x2c)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='syzkaller\x00', 0x8, 0x4a, &(0x7f00000003c0)=""/74, 0x40f00, 0x3, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x5, 0x1, 0x18c9d50b, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa1c}, 0x94)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="02004db90980ffff", 0x8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)

771.58592ms ago: executing program 2 (id=34):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000008c0)=0x2, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000000103010100000200000000000000"], 0x20}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0xc0}}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r2, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x7, 0x1, 0x0, 0x0, 0x0, {0x3, 0x0, 0x6}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x850}, 0x10)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e1f, @empty}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_mreqsrc(r3, 0x0, 0x28, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000300), 0x4)
writev(0xffffffffffffffff, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r4}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)

109.559935ms ago: executing program 1 (id=36):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x111, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4050}, 0x10008800)

62.655913ms ago: executing program 1 (id=37):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc9b}, 0x94)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f00000028c0), &(0x7f0000000380)=0x60)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f0000000000)=0x2, 0x4)
ioctl$sock_proto_private(r4, 0x89e0, &(0x7f0000001080))
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000f52f10003b14000010000000000000000000", @ANYRES32=0x0, @ANYBLOB="70900400000000001800128008000100677470000c00028008000100", @ANYRES32=r3, @ANYBLOB="08000a004af4d5"], 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x24000800)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040093913f2e58c3e2fa0600800a0000100002800c00148108001500090000007761953feb700981d923a0a9e16641a2163a07ba7f5056baebdf5646d2f1d3c5fe866cb7f11013bc08a13e6e8a8b16d58f2a7477fd9b58f58cb9de3a4a81c6d186516469963371098ca78dd79fa7a2269e91de346646ea656b482b7573de491b31b7a2167e7f7e5af732befd8d4ef8d31682c27e"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc004)
ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r1, 0xf505, 0x0)

62.040717ms ago: executing program 1 (id=38):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)

1.17955ms ago: executing program 1 (id=39):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000000)={{0x6, @netrom={0xbb, 0xbb, 0x2, 0xbb, 0xbb, 0x0, 0x0}, 0x6}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0xfffffee7, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000220c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000002100000000050000000000000095c333d4c0a3ecdd69086b8e4c36439a8808b90ea579cdf8bd475a470064827701f4169ebebecb5bba94f06f020fb64e5594a86f5f00000000000008c7533dc98a94008d7d2a7d2c23bc3f4cc1992aebd29fd21e95b3c7c49de340c24cb6ba1a33740825c424ecd87a3b02ae7840be900964b6948074a8f2ed867fd6601b0ca02215f4c2a5157135575fa1903abe92246853cb7cb868a3b2524a92bfa8aaeaf3ff3f08fb97ec0c126bfea903ef567bdf48aecb23342c8102732b7257f65b1f7d82adec836fd77d2f5c6e6c18ae428531d9e4d906b0a19827bffab9ced1e24e8f063d44fb76dd59e75486"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, r6, 0x11, 0x0, 0x0, @void, @value=r5}, 0x20)

143.545µs ago: executing program 1 (id=40):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

0s ago: executing program 1 (id=41):
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_ADD_RULE(r2, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0), r3)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r6, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}], 0x1, 0x4008004)
shutdown(r6, 0x1)
bind$inet6(r6, &(0x7f0000000500)={0xa, 0x4e23, 0xe10, @loopback, 0x7}, 0x1c)
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x5c, r5, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffffff7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xc}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8050}, 0x800)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r3, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r4, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000001100), r3)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000540)={0x0, r1}, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@restrict={0x1, 0x0, 0x0, 0xb, 0x1}]}}, 0x0, 0x26}, 0x28)
r7 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r7, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2}, {0x0, [0x0]}}, &(0x7f0000001f80)=""/226, 0x26, 0x81, 0x2}, 0x20)
r8 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet6_buf(r8, 0x29, 0x32, &(0x7f0000000200)="95de66096bcc111518d3640f969ee0f145ae77ab", 0x14)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:7320' (ED25519) to the list of known hosts.
syzkaller login: [   47.848615][ T5814] cgroup: Unknown subsys name 'net'
[   47.986645][ T5814] cgroup: Unknown subsys name 'cpuset'
[   47.991384][ T5814] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.472021][ T5814] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.077795][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.081791][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.084930][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.087854][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.090649][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.093590][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.095906][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.103060][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.119748][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.123031][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.177610][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.180519][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.183359][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.186029][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.188734][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.305851][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   53.404923][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   53.418605][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.422252][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.426047][ T5823] bridge_slave_0: entered allmulticast mode
[   53.430058][ T5823] bridge_slave_0: entered promiscuous mode
[   53.445029][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.448130][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.451119][ T5823] bridge_slave_1: entered allmulticast mode
[   53.455067][ T5823] bridge_slave_1: entered promiscuous mode
[   53.503736][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   53.513650][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.527122][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.598078][ T5823] team0: Port device team_slave_0 added
[   53.605479][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.608137][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.610544][ T5827] bridge_slave_0: entered allmulticast mode
[   53.614071][ T5827] bridge_slave_0: entered promiscuous mode
[   53.617294][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.619829][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.622631][ T5827] bridge_slave_1: entered allmulticast mode
[   53.626452][ T5827] bridge_slave_1: entered promiscuous mode
[   53.629696][ T5823] team0: Port device team_slave_1 added
[   53.677673][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.682167][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.714390][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.716674][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.718981][ T5832] bridge_slave_0: entered allmulticast mode
[   53.721681][ T5832] bridge_slave_0: entered promiscuous mode
[   53.725580][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.728450][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.737199][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.741303][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.744567][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.747475][ T5832] bridge_slave_1: entered allmulticast mode
[   53.750653][ T5832] bridge_slave_1: entered promiscuous mode
[   53.754470][ T5827] team0: Port device team_slave_0 added
[   53.765932][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.768550][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.777066][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.785714][ T5827] team0: Port device team_slave_1 added
[   53.796536][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.801554][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.843108][ T5832] team0: Port device team_slave_0 added
[   53.857801][ T5823] hsr_slave_0: entered promiscuous mode
[   53.860129][ T5823] hsr_slave_1: entered promiscuous mode
[   53.863264][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.865504][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.874339][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.879860][ T5832] team0: Port device team_slave_1 added
[   53.882833][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.885122][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.893935][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.952345][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.955299][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.965896][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.971542][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.974859][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.984920][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.024041][ T5827] hsr_slave_0: entered promiscuous mode
[   54.026397][ T5827] hsr_slave_1: entered promiscuous mode
[   54.028788][ T5827] debugfs: 'hsr0' already exists in 'hsr'
[   54.030651][ T5827] Cannot create hsr debugfs directory
[   54.086542][ T5832] hsr_slave_0: entered promiscuous mode
[   54.089397][ T5832] hsr_slave_1: entered promiscuous mode
[   54.091930][ T5832] debugfs: 'hsr0' already exists in 'hsr'
[   54.094571][ T5832] Cannot create hsr debugfs directory
[   54.242318][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.256776][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.261884][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.276179][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.305904][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.312182][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.317279][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.328077][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.386436][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.391731][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.400627][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.411057][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.471442][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.508568][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   54.523505][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.528874][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.539180][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.542078][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.555814][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.558279][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.588464][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   54.595731][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.598095][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.603837][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   54.626235][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.629315][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.640146][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.642427][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.653988][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.656324][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.818053][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.832154][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.845670][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.875625][ T5823] veth0_vlan: entered promiscuous mode
[   54.882516][ T5823] veth1_vlan: entered promiscuous mode
[   54.912273][ T5832] veth0_vlan: entered promiscuous mode
[   54.916314][ T5823] veth0_macvtap: entered promiscuous mode
[   54.922133][ T5823] veth1_macvtap: entered promiscuous mode
[   54.934569][ T5827] veth0_vlan: entered promiscuous mode
[   54.938042][ T5832] veth1_vlan: entered promiscuous mode
[   54.950876][ T5827] veth1_vlan: entered promiscuous mode
[   54.955807][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.967151][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.984741][ T5673] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.997120][ T5832] veth0_macvtap: entered promiscuous mode
[   55.000905][ T5673] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.008306][ T5827] veth0_macvtap: entered promiscuous mode
[   55.012074][ T5673] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.015324][ T5673] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.022010][ T5832] veth1_macvtap: entered promiscuous mode
[   55.026173][ T5827] veth1_macvtap: entered promiscuous mode
[   55.052620][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.071207][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.095614][ T5853] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.099570][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.106053][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.110481][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.113896][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.119105][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.123970][   T54] Bluetooth: hci0: command tx timeout
[   55.124825][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.140158][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.171634][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.174857][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.181384][  T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.181783][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.187613][  T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.190951][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.198104][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.201358][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.206382][   T54] Bluetooth: hci2: command tx timeout
[   55.208912][   T54] Bluetooth: hci1: command tx timeout
[   55.259434][ T5823] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.261491][ T3597] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.289204][ T3597] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.320504][ T3597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.325763][ T3597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.360439][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.367105][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.440972][ T5894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4'.
[   55.532046][ T5896] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'.
[   55.548265][ T5899] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   55.555312][ T5899] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   55.564642][ T5899] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   55.634823][ T5901] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   55.952107][ T5916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'.
[   55.955884][ T5916] netlink: 32 bytes leftover after parsing attributes in process `syz.0.11'.
[   55.970068][ T5916] warning: `syz.0.11' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   56.040160][ T5920] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.12'.
[   56.236964][ T5926] syz.0.14 uses obsolete (PF_INET,SOCK_PACKET)
[   56.391361][ T5931] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16'.
[   56.399534][ T5931] netlink: 24 bytes leftover after parsing attributes in process `syz.1.16'.
[   56.455966][ T5933] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.17'.
[   56.459560][ T5933] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.17'.
[   56.471746][ T5935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16'.
[   56.576430][ T5941] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[   56.584753][ T5940] IPVS: stopping backup sync thread 5941 ...
[   56.746392][ T5947] Driver unsupported XDP return value 0 on prog  (id 8) dev N/A, expect packet loss!
[   57.002621][ T5967] tipc: Started in network mode
[   57.009649][ T5967] tipc: Node identity ba0d0fc41e63, cluster identity 4711
[   57.022297][ T5967] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   57.028967][ T5967] syzkaller0: entered promiscuous mode
[   57.030954][ T5967] syzkaller0: entered allmulticast mode
[   57.054170][ T5967] syzkaller0: mtu less than device minimum
[   57.070078][ T5966] tipc: Resetting bearer <eth:syzkaller0>
[   57.078754][ T5966] tipc: Disabling bearer <eth:syzkaller0>
[   57.283030][ T5830] Bluetooth: hci1: command tx timeout
[   57.284066][   T54] Bluetooth: hci2: command tx timeout
[   57.772218][ T5935] syz.1.16 (5935) used greatest stack depth: 20920 bytes left
[   57.850472][ T5987] openvswitch: netlink: Flow key attr not present in new flow.
[   57.924087][ T4583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.926735][ T4583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.938543][ T5853] ------------[ cut here ]------------
[   57.940501][ T5853] WARNING: CPU: 1 PID: 5853 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440
[   57.944067][ T5853] Modules linked in:
[   57.945737][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93-dirty #0 PREEMPT(full) 
[   57.949790][ T5853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   57.953286][ T5853] Workqueue: cfg80211 cfg80211_event_work
[   57.955350][ T5853] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[   57.957337][ T5853] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 08 df a3 00 cc e8 72 5f ef f6 90 0f 0b 90 eb bd e8 67 5f ef f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 57 5f ef f6 90 0f 0b 90 e9 de fd
[   57.963504][ T5853] RSP: 0018:ffffc90003fcf8e0 EFLAGS: 00010293
[   57.965542][ T5853] RAX: ffffffff8ad02da9 RBX: dffffc0000000000 RCX: ffff888108f78000
[   57.968200][ T5853] RDX: 0000000000000000 RSI: ffffffff8d97b817 RDI: ffffffff8be2fd00
[   57.970935][ T5853] RBP: ffffc90003fcf9b8 R08: ffffffff8fa07237 R09: 1ffffffff1f40e46
[   57.973556][ T5853] R10: dffffc0000000000 R11: fffffbfff1f40e47 R12: ffff88810da2cd90
[   57.976161][ T5853] R13: 1ffff920007f9f24 R14: ffff88803b4c3338 R15: 0000000000000006
[   57.978726][ T5853] FS:  0000000000000000(0000) GS:ffff8881a3c79000(0000) knlGS:0000000000000000
[   57.981592][ T5853] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.983769][ T5853] CR2: 00007fb5860e56c0 CR3: 000000000df36000 CR4: 00000000000006f0
[   57.987222][ T5853] Call Trace:
[   57.988398][ T5853]  <TASK>
[   57.989422][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   57.991186][ T5853]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[   57.993440][ T5853]  ? __pfx___mutex_lock+0x10/0x10
[   57.995095][ T5853]  cfg80211_process_wdev_events+0x38a/0x4f0
[   57.997179][ T5853]  cfg80211_process_rdev_events+0xa1/0x110
[   57.999090][ T5853]  cfg80211_event_work+0x2c/0x60
[   58.000738][ T5853]  ? process_scheduled_works+0x9ef/0x17b0
[   58.002915][ T5853]  process_scheduled_works+0xae1/0x17b0
[   58.004956][ T5853]  ? __pfx_process_scheduled_works+0x10/0x10
[   58.007194][ T5853]  worker_thread+0x8a0/0xda0
[   58.008837][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   58.011085][ T5853]  ? __kthread_parkme+0x7b/0x200
[   58.012897][ T5853]  kthread+0x711/0x8a0
[   58.014278][ T5853]  ? __pfx_worker_thread+0x10/0x10
[   58.016175][ T5853]  ? __pfx_kthread+0x10/0x10
[   58.017718][ T5853]  ? _raw_spin_unlock_irq+0x23/0x50
[   58.019468][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   58.021172][ T5853]  ? __pfx_kthread+0x10/0x10
[   58.022868][ T5853]  ret_from_fork+0x3fc/0x770
[   58.024439][ T5853]  ? __pfx_ret_from_fork+0x10/0x10
[   58.026120][ T5853]  ? __switch_to_asm+0x39/0x70
[   58.027653][ T5853]  ? __switch_to_asm+0x33/0x70
[   58.029290][ T5853]  ? __pfx_kthread+0x10/0x10
[   58.031064][ T5853]  ret_from_fork_asm+0x1a/0x30
[   58.033233][ T5853]  </TASK>
[   58.034392][ T5853] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   58.036838][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93-dirty #0 PREEMPT(full) 
[   58.040785][ T5853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   58.044114][ T5853] Workqueue: cfg80211 cfg80211_event_work
[   58.046012][ T5853] Call Trace:
[   58.047140][ T5853]  <TASK>
[   58.048118][ T5853]  dump_stack_lvl+0x99/0x250
[   58.049635][ T5853]  ? __asan_memcpy+0x40/0x70
[   58.051170][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.052890][ T5853]  ? __pfx__printk+0x10/0x10
[   58.054449][ T5853]  vpanic+0x27a/0x730
[   58.055793][ T5853]  ? __pfx__printk+0x10/0x10
[   58.057336][ T5853]  ? __pfx_vpanic+0x10/0x10
[   58.058801][ T5853]  ? is_bpf_text_address+0x26/0x2b0
[   58.060462][ T5853]  panic+0xb9/0xc0
[   58.061677][ T5853]  ? __pfx_panic+0x10/0x10
[   58.063098][ T5853]  __warn+0x31b/0x4b0
[   58.064403][ T5853]  ? __cfg80211_ibss_joined+0x3ca/0x440
[   58.066199][ T5853]  ? __cfg80211_ibss_joined+0x3ca/0x440
[   58.067981][ T5853]  report_bug+0x2be/0x4f0
[   58.069376][ T5853]  ? __cfg80211_ibss_joined+0x3ca/0x440
[   58.071178][ T5853]  ? __cfg80211_ibss_joined+0x3ca/0x440
[   58.072948][ T5853]  ? __cfg80211_ibss_joined+0x3cc/0x440
[   58.074722][ T5853]  handle_bug+0x84/0x160
[   58.076117][ T5853]  exc_invalid_op+0x1a/0x50
[   58.077597][ T5853]  asm_exc_invalid_op+0x1a/0x20
[   58.079160][ T5853] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[   58.081117][ T5853] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 08 df a3 00 cc e8 72 5f ef f6 90 0f 0b 90 eb bd e8 67 5f ef f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 57 5f ef f6 90 0f 0b 90 e9 de fd
[   58.087066][ T5853] RSP: 0018:ffffc90003fcf8e0 EFLAGS: 00010293
[   58.088999][ T5853] RAX: ffffffff8ad02da9 RBX: dffffc0000000000 RCX: ffff888108f78000
[   58.091512][ T5853] RDX: 0000000000000000 RSI: ffffffff8d97b817 RDI: ffffffff8be2fd00
[   58.093992][ T5853] RBP: ffffc90003fcf9b8 R08: ffffffff8fa07237 R09: 1ffffffff1f40e46
[   58.096444][ T5853] R10: dffffc0000000000 R11: fffffbfff1f40e47 R12: ffff88810da2cd90
[   58.098946][ T5853] R13: 1ffff920007f9f24 R14: ffff88803b4c3338 R15: 0000000000000006
[   58.101456][ T5853]  ? __cfg80211_ibss_joined+0x3c9/0x440
[   58.103173][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   58.104816][ T5853]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[   58.106682][ T5853]  ? __pfx___mutex_lock+0x10/0x10
[   58.108341][ T5853]  cfg80211_process_wdev_events+0x38a/0x4f0
[   58.110230][ T5853]  cfg80211_process_rdev_events+0xa1/0x110
[   58.112098][ T5853]  cfg80211_event_work+0x2c/0x60
[   58.113674][ T5853]  ? process_scheduled_works+0x9ef/0x17b0
[   58.115530][ T5853]  process_scheduled_works+0xae1/0x17b0
[   58.117279][ T5853]  ? __pfx_process_scheduled_works+0x10/0x10
[   58.119184][ T5853]  worker_thread+0x8a0/0xda0
[   58.120688][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   58.122802][ T5853]  ? __kthread_parkme+0x7b/0x200
[   58.124662][ T5853]  kthread+0x711/0x8a0
[   58.126082][ T5853]  ? __pfx_worker_thread+0x10/0x10
[   58.127710][ T5853]  ? __pfx_kthread+0x10/0x10
[   58.129206][ T5853]  ? _raw_spin_unlock_irq+0x23/0x50
[   58.131157][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[   58.132886][ T5853]  ? __pfx_kthread+0x10/0x10
[   58.134433][ T5853]  ret_from_fork+0x3fc/0x770
[   58.135932][ T5853]  ? __pfx_ret_from_fork+0x10/0x10
[   58.137590][ T5853]  ? __switch_to_asm+0x39/0x70
[   58.139112][ T5853]  ? __switch_to_asm+0x33/0x70
[   58.140638][ T5853]  ? __pfx_kthread+0x10/0x10
[   58.142083][ T5853]  ret_from_fork_asm+0x1a/0x30
[   58.143626][ T5853]  </TASK>
[   58.145538][ T5853] Kernel Offset: disabled
[   58.147215][ T5853] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:58:39  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=0000000000000000 RCX=1315f5e0772d4d00 RDX=dffffc0000000000
RSI=ffff88802b0553e8 RDI=ffff8880247ea7b0 RBP=ffff8880247ea7b0 RSP=ffffc9000363f808
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=fffff520006c7efc
R12=0000000000000000 R13=0000000000000000 R14=ffff88802b0553e8 R15=ffff8880247e9cc0
RIP=ffffffff819d55c0 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f60046c9c80 ffffffff 00c00000
GS =0000 ffff8880b8679000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb585374c40 CR3=000000001fae4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=0000000000000238 0000000000003230
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffffffff0000 XMM09=6c6c696b66722f38 7968702f31313230
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000005b RBX=000000000000005b RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90003fcf090
R8 =ffff88801d3e8237 R9 =1ffff11003a7d046 R10=dffffc0000000000 R11=ffffffff854bdf00
R12=dffffc0000000000 R13=ffffffff99a9b8e1 R14=ffffffff99da04a0 R15=0000000000000000
RIP=ffffffff854bdf7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c79000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb5860e56c0 CR3=00000000262be000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fb585412e53
XMM06=0000000000000000 00007fb585412e4d XMM07=0000000000000000 00007fb585412e61
XMM08=0000000000000000 00007fb585412ee7 XMM09=0000000000000000 00007fb585412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
